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BACKGROUND 

Field of the Invention 

[0001] The present invention relates to computer softv^are. More 
specifically, the present invention relates to a method and an apparatus to facilitate 
software installation on a computer using embedded user credentials. 

Related Art 

[0002] As enterprise systems grow to include large numbers of computer 
systems, the task of managing software for these enterprise systems becomes 
increasingly more challenging. Software management can encompass many 
aspects of configuring and maintaining the enterprise system, such as software 
distribution, configuration management, software management, and policy 
management, such as enforcing rules for virus scanners. 
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[0003] In smaller enterprise systems, it is feasible for an administrator to 
visit each computer within the enterprise to create the necessary configurations. 
However, as the enterprise grows or spreads to multiple locations, it quickly 
becomes impractical for the administrator to visit each computer. 

[0004] Administrators, therefore, have developed methods to remotely 
configure the computers within an enterprise system. These methods include 
pushing software across a network such as the Intemet to a remote site, and 
distributing portable storage media for installation at the remote site. While 
advantageous, these methods present their own set of problems, 

[0005] Installing software on a computer typically requires that the 
installing entity be authenticated to the computer. For example, this 
authentication can include verifying a user name and a password, although other 
types of authentication are also possible. However, the installing entity, for 
example a user of the computer that is trying to install the software from a 
portable storage medium such as a floppy disk, may not have sufficient privilege 
level to accomplish the installation. The installation, therefore, will be aborted. 

[0006] Typically, these software installations require access to the 
operating system to provide the necessary interface between the software and the 
operating system. It is not practical, therefore, to provide every user of a 
computer system with the necessary credentials for authenticating to the computer 
for these software installations. 

[0007] What is needed is a method and an apparatus, which will allow 
installation of the software at a remote installation without the problems detailed 
above. 
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SUMMARY 

[0008] One embodiment of the present invention provides a system that 
facilitates software installation using embedded user credentials. The system 
receives a software installation package at a computer to be installed on the 
computer. The system then extracts an installation program from the software 
installation package. Next, the system determines if the current user has sufficient 
privileges to run the installation program. If not, the system recovers a set of user 
credentials from the software installation package that is associated with sufficient 
privileges to run the installation program. The system then authenticates to the 
computer using this set of user credentials. Finally, the system runs the 
installation program on the computer. 

[0009] In one embodiment of the present invention, the software 
installation package includes an agent that enforces security policies on the 
computer, 

[0010] In one embodiment of the present invention, the soft:ware 
installation package includes a plurality of sets of user credentials, 

[0011] In one embodiment of the present invention, if the set of user 
credentials failed during authentication, the system recovers a second set of user 
credentials from the plurality of sets of user credentials. The system then attempts 
to authenticate to the computer using the second set of user credentials. 

[0012] In one embodiment of the present invention, the set of user 
credentials is encrypted. 

[0013] In one embodiment of the present invention, the software 
installation package is received over a network. 

[0014] In one embodiment of the present invention, the software 
installation package is received on a storage medium. 
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BRIEF DESCRIPTION OF THE FIGURES 

[0015] FIG. 1 illustrates computer 104 in accordance with an embodiment 
of the present invention. 

[0016] FIG. 2 illustrates computer 104 coupled to a network in accordance 
with an embodiment of the present invention. 

[0017] FIG. 3 illustrates software installation package 302 in accordance 
with an embodiment of the present invention. 

[0018] FIG. 4 is a flowchart illustrating the process of installing a software 
installation program in accordance with an embodiment of the present invention. 



DETAILED DESCRIPTION 
[0019] The following description is presented to enable any person skilled 
^ in the art to make and use the invention, and is provided in the context of a parti- 

cular application and its requirements. Various modifications to the disclosed 
1 5 embodiments will be readily apparent to those skilled in the art, and the general 
principles defined herein may be applied to other embodiments and applications 
without departing from the spirit and scope of the present invention. Thus, the 
present invention is not intended to be limited to the embodiments shown, but is 
to be accorded the widest scope consistent with the principles and features 
20 disclosed herein. 

[0020] The data structures and code described in this detailed description 
are typically stored on a computer readable storage medivim, which may be any 
device or medium that can store code and/or data for use by a computer system. 
This includes, but is not limited to, magnetic and optical storage devices such as 
25 disk drives, magnetic tape, CDs (compact discs) and DVDs (digital versatile discs 
or digital video discs), and computer instruction signals embodied in a 
transmission medium (with or without a carrier wave upon which the signals are 
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modulated). For example, the transmission medium may include a 
communications network, such as the Intemet. 

Propagating Software 

[0021] FIG. 1 illustrates computer 104 in accordance with an embodiment 
of the present invention. Computer 104 can generally include any type of 
computer system, including, but not limited to, a computer system based on a 
microprocessor, a mainframe computer, a digital signal processor, a portable 
computing device, a personal organizer, a device controller, and a computational 
engine within an appliance. User 102 can install a software installation program 
from a software installation package stored on storage medium 106. Storage 
medium 106 can include any type of non-volatile storage device that can be 
coupled to a computer system. This includes, but is not limited to, magnetic, 
optical, and magneto-optical storage devices, as well as storage devices based on 
flash memory and/or battery-backed up memory. Details of this software 
installation package and the process of installing the software installation program 
are described below in conjunction with FIGs. 3 and 4. 

[0022] FIG. 2 illustrates computer 104 coupled to a network in accordance 
with an embodiment of the present invention. User 102 can install a software 
installation program from a software installation package stored on server 204. 
Details of this software installation package and the process of installing the 
software installation program are described below in conjunction with FIGs. 3 and 
4. 

[0023] In an alternate embodiment of the present invention, the software 
installation package is pushed from server 204 across network 202. In this 
embodiment, the software installation program may be installed on computer 104 
without intervention by user 102 or knowledge of the process by user 102. 
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[0024] Computer 104 and server 204 are coupled together across network 
202. Network 202 can generally include any type of wire or wireless 
communication channel capable of coupling together computing nodes. This 
includes, but is not limited to, a local area network, a wide area network, or a 
combination of networks. In one embodiment of the present invention, network 
202 includes the Internet. 

Software Installation Package 302 

[0025] FIG. 3 illustrates software installation package 302 in accordance 
with an embodiment of the present invention. Software installation package 302 
includes self-extracting header 304, installation program 306, user credentials 
308, and software binaries 310. 

[0026] Self-extracting header 304 includes executable computer code, 
which is used to uncompress data and programs within software installation 
package 302. Installation program 306 includes computer code to install the 
various programs v^thin software binaries 310. Typically, installation program 
306 needs to authenticate itself to the computer, say computer 104, prior to 
computer 104 allowing installation program 306 to run. 

[0027] User credentials 308 can be used by installation program 306 to 
authenticate to computer 104 in the case where user 102 does not have sufficient 
privilege to run installation program 306, or in the case where software 
installation package 302 is being pushed fi-om server 204 across network 202 
without the user's knowledge or assistance. User credentials 308 can include one 
or more user names with associated passwords, or other authentication credentials 
recognizable by computer 104. In one embodiment of the present invention, user 
credentials 308 are encrypted to provide security fi'om compromise. 
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[0028] Software binaries can include an agent (not shown) for enforcing 
security policies on computer 104 and the necessary .dll files, data files, and the 
like for the agent to operate. This Agent typically runs as a background program 
on computer 104 and may run without the knowledge of user 102. 

Installing the Software 

[0029] FIG. 4 is a flowchart illustrating the process of installing a software 
installation program in accordance with an embodiment of the present invention. 
The process starts when computer 104 receives software installation package 302 
(step 402). Note that software installation package 302 can be received from 
storage medium 106, fi-om server 204 across network 202, or by other equivalent 
means. Note further that software installation package 302 can be received by 
computer 104 either with or without an action by user 102. 

[0030] Next, computer 104 extracts software installation program 306 
from software installation package 302 (step 404). Computer 104 then determines 
if user 102 has sufficient privilege to run software installation program 306 (step 
406). Note that this step may be skipped if the software is being pushed fi-om 
server 204 without the knowledge of user 102. 

[0031] If user 102 does not have sufficient privileges to run software 
installation program 306 on computer 104, computer 104 recovers a set of user 
credentials ftom software installation package 302 (step 408). Next, software 
installation package 302 attempts to authenticate to computer 104 using the 
credentials recovered fi-om software installation package 302 (step 410), 
Computer 104 then determines if the authentication was successful (step 412). 

[0032] If the authentication was not successful at step 412, computer 104 
then determines if there are more credentials available in user credentials 308 
(step 414). If so, the process returns to step 408 to recover the next set of 
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credentials. If there are no more credentials available at step 414, computer 104 
displays an error message (step 416). 

[0033] If the user has sufficient privileges at step 406 or if the 
authentication was successful at step 412, computer 104 allows software 
installation program 306 to operate, thereby installing the software binaries (step 
418). 

[0034] The foregoing descriptions of embodiments of the present 
invention have been presented for purposes of illustration and description only. 
They are not intended to be exhaustive or to limit the present invention to the 
forms disclosed. Accordingly, many modifications and variations will be apparent 
to practitioners skilled in the art. Additionally, the above disclosure is not 
intended to limit the present invention. The scope of the present invention is 
defined by the appended claims. 
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